WO2002062010A2 - Method and system for the encryption of data - Google Patents
Method and system for the encryption of data
- Publication number: WO2002062010A2 (application PCT/EP2002/000279)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- datastream
- box
- combination device
- encryption
- input
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
Definitions
- the invention relates to a method for the encryption of a datastream, comprising the steps:
- the datastream is logically combined with a secret key or data derived therefrom;
- the resulting datastream is processed in an S-box in which the offered datastream is converted in a manner that cannot be predicted outside the system.
- the invention also relates to a system for the encryption of the datastream, comprising a combination device in which the datastream is logically combined with a secret key or data derived therefrom, and an S-box in which the datastream processed by the combination device is converted in an unpredictable manner.
- An S-box (in full: substitution box) can comprise a table in which, starting from the input values, output values are looked up and outputted with the aid of indexes. S-boxes create an unpredictable relationship between the input and output of an encryption module.
- the invention proposes an improved method for the encryption of a datastream wherein the steps in which the datastream is combined with a secret key and the resulting datastream is converted unpredictably in an S-box are preceded by a step in which the datastream is first converted in an extra "initial S-box" in a manner that is unpredictable for an attacker, and only thereafter combined with the secret key.
- the encryption system - comprising a combination device in which the datastream is combined with the key, and an S-box in which the datastream is subsequently converted unpredictably - comprises according to the invention an initial S-box in which the datastream fed to the system is converted in an unpredictable manner and subsequently offered to the combination device.
- Figure 1 shows a "state-of-the-art" system for the encryption of the datastream I, comprising a combination device 1 in which the datastream is combined logically with a secret key K (i.e. modulo 2 addition, I MOD 2 K, represented in the rest of the text by "I + K" and in the figures by ⊕), and an S-box 2 in which the datastream processed by the combination device 1 is converted in an unpredictable manner to an output datastream O.
- the figure shows the (known) system twice.
- the combination device 1 adds a data element I1 modulo 2 to a key element K1 and the S-box 2 subsequently converts the result to an output datastream O1.
- the combination device 1 adds a data element I2 modulo 2 to a key element K2 and the S-box 2 subsequently converts the result to an output datastream O2.
- the attacker keeps manipulating the first datastream input I1 and the second datastream input I2 until the first input I1 combined - in the combination device 1 - with the first part of the secret key material K1 is equal to the second input I2 combined with the second part of the key material K2.
- the attacker can deduce whether he managed to make I1 +
- the invention solves this security problem by not combining the input I directly with the key material K, but by using the input first as index for an initial S-Box 3. This eliminates the influence that the attacker can exercise on the input for the EXOR operation in the combination device 1 with the key material K and thus on the input for the S-Box 2.
- Figure 2 shows this schematically.
- the datastream I is, before being offered to the combination device 1, first fed to the initial S-box 3.
- the output of this S-Box 3 is represented by S3 [I].
- After the EXOR operation (modulo-2 addition) of S3[I] and K, the result is S3[I] +
- the input of the S-Box 2 is screened from attackers and can therefore no longer be manipulated, which prevents attackers from discovering the secret key by varying the input data and simultaneously analysing the current consumption. It is important to keep the contents of S-Box 3 secret from the attacker, otherwise he could still manipulate I such that the above described attack would still be possible.
- With a secret S-box, which can be achieved with the aid of the invention described in [2], the values of S[I] are unknown to the attacker, even if the values of I are known.
- Another embodiment is shown in figure 3.
- O (the output of the second S-box 2) is again the input for a feedback shift register 4. It is customary to initially load the secret key in this shift register.
- A is the final result of the encryption system and is, for example, a value by which a party can authenticate itself by means of a "challenge & response" method.
- I is in this case a data series that is sent by the verifying party as "challenge" to a user who has to authenticate himself. The verifying party subsequently compares the
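The following is an added example, not code from the patent: a small simulation of the two structures described above (Figure 1 without, and Figure 2 with, the initial S-box 3). The S-box contents, key bytes and inputs are constructed for illustration, and the function names (`known_system`, `improved_system`, `count_internal_collisions`) are my own. The check at the end counts, for a chosen pair of key elements, how many input pairs make the two combination steps deliver the same value to S-box 2. In the Figure 1 structure that equality is decided entirely by the attacker-chosen input difference; in the Figure 2 structure it is governed by the contents of S-box 3, which is why the patent requires that table to stay secret.

```python
# Simulation of the Figure 1 and Figure 2 structures from the patent.
# Added example: S-box contents, keys and inputs are constructed, not taken
# from the patent.
import random


def make_sbox(seed: int) -> list:
    """Build a constructed 8-bit bijective S-box (a permutation of 0..255)."""
    rng = random.Random(seed)
    box = list(range(256))
    rng.shuffle(box)
    return box


# Constructed tables. S2 plays the role of S-box 2; S3 is the initial S-box 3,
# whose contents must remain secret for the countermeasure to work.
S2 = make_sbox(2)
S3 = make_sbox(3)


def known_xor_input(i: int, k: int) -> int:
    """Figure 1: the value fed to S-box 2 is the input XORed with the key element."""
    return i ^ k


def known_system(i: int, k: int) -> int:
    """Figure 1: combination device 1 (modulo-2 addition) followed by S-box 2."""
    return S2[known_xor_input(i, k)]


def improved_xor_input(i: int, k: int) -> int:
    """Figure 2: the input first passes through the initial S-box 3, then is XORed."""
    return S3[i] ^ k


def improved_system(i: int, k: int) -> int:
    """Figure 2: initial S-box 3, combination device 1, then S-box 2."""
    return S2[improved_xor_input(i, k)]


def count_internal_collisions(xor_input, k1: int, k2: int, input_diff: int) -> int:
    """Count the input pairs (i1, i2 = i1 ^ input_diff) for which the two
    combination steps deliver the same value to S-box 2, i.e. the equality
    "I1 + K1 == I2 + K2" the patent describes.  xor_input is either
    known_xor_input (Figure 1) or improved_xor_input (Figure 2)."""
    return sum(
        1 for i1 in range(256)
        if xor_input(i1, k1) == xor_input(i1 ^ input_diff, k2)
    )


if __name__ == "__main__":
    k1, k2 = 0x1B, 0x7E          # constructed key elements
    d = k1 ^ k2                  # input difference equal to the key difference
    print("Figure 1, diff == K1^K2:", count_internal_collisions(known_xor_input, k1, k2, d))
    print("Figure 1, diff == 0    :", count_internal_collisions(known_xor_input, k1, k2, 0))
    print("Figure 2, diff == K1^K2:", count_internal_collisions(improved_xor_input, k1, k2, d))
```

With the Figure 1 structure, choosing the input difference equal to the key difference makes every one of the 256 input pairs collide at the input of S-box 2, and any other difference makes none collide, so the internal equality is a clean function of the attacker's inputs. With the Figure 2 structure the same experiment yields only the handful of pairs for which S3[I1] ⊕ S3[I2] happens to equal K1 ⊕ K2, a set that cannot be computed without the secret table.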
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Lock And Its Accessories (AREA)
- Small-Scale Networks (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP02702261A EP1356627B1 (en) | 2001-01-19 | 2002-01-14 | Method and system for the encryption of data |
US10/451,233 US20040047468A1 (en) | 2001-01-19 | 2002-01-14 | Method and system for the encryption of data |
DE60226007T DE60226007T2 (en) | 2001-01-19 | 2002-01-14 | METHOD AND SYSTEM FOR DATA ENCRYPTION |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NL1017151A NL1017151C2 (en) | 2001-01-19 | 2001-01-19 | Method and system for encrypting data. |
NL1017151 | 2001-01-19 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002062010A2 true WO2002062010A2 (en) | 2002-08-08 |
WO2002062010A3 WO2002062010A3 (en) | 2003-01-03 |
Family
ID=19772760
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2002/000279 WO2002062010A2 (en) | 2001-01-19 | 2002-01-14 | Method and system for the encryption of data |
Country Status (8)
Country | Link |
---|---|
US (1) | US20040047468A1 (en) |
EP (1) | EP1356627B1 (en) |
AT (1) | ATE392064T1 (en) |
DE (1) | DE60226007T2 (en) |
ES (1) | ES2305199T3 (en) |
NL (1) | NL1017151C2 (en) |
PT (1) | PT1356627E (en) |
WO (1) | WO2002062010A2 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9379887B2 (en) | 2012-09-14 | 2016-06-28 | Qualcomm Incorporated | Efficient cryptographic key stream generation using optimized S-box configurations |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000060807A1 (en) * | 1999-04-01 | 2000-10-12 | Koninklijke Kpn N.V. | Method for enciphering a series of symbols applying a function and a key |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4319079A (en) * | 1979-09-13 | 1982-03-09 | Best Robert M | Crypto microprocessor using block cipher |
US5473693A (en) * | 1993-12-21 | 1995-12-05 | Gi Corporation | Apparatus for avoiding complementarity in an encryption algorithm |
Timeline
- 2001
  - 2001-01-19 NL NL1017151A patent/NL1017151C2/en not_active IP Right Cessation
- 2002
  - 2002-01-14 ES ES02702261T patent/ES2305199T3/en not_active Expired - Lifetime
  - 2002-01-14 US US10/451,233 patent/US20040047468A1/en not_active Abandoned
  - 2002-01-14 AT AT02702261T patent/ATE392064T1/en not_active IP Right Cessation
  - 2002-01-14 EP EP02702261A patent/EP1356627B1/en not_active Expired - Lifetime
  - 2002-01-14 PT PT02702261T patent/PT1356627E/en unknown
  - 2002-01-14 WO PCT/EP2002/000279 patent/WO2002062010A2/en active IP Right Grant
  - 2002-01-14 DE DE60226007T patent/DE60226007T2/en not_active Expired - Lifetime
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000060807A1 (en) * | 1999-04-01 | 2000-10-12 | Koninklijke Kpn N.V. | Method for enciphering a series of symbols applying a function and a key |
Non-Patent Citations (1)
Title |
---|
GOUBIN L ET AL: "DES AND DIFFERENTIAL POWER ANALYSIS THE DUPLICATION METHOD" CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS. INTERNATIONAL WORKSHOP, XX, XX, August 1999 (1999-08), pages 158-172, XP000952192 * |
Also Published As
Publication number | Publication date |
---|---|
NL1017151C2 (en) | 2002-07-22 |
US20040047468A1 (en) | 2004-03-11 |
DE60226007T2 (en) | 2009-05-14 |
DE60226007D1 (en) | 2008-05-21 |
PT1356627E (en) | 2008-07-09 |
EP1356627A2 (en) | 2003-10-29 |
ATE392064T1 (en) | 2008-04-15 |
EP1356627B1 (en) | 2008-04-09 |
ES2305199T3 (en) | 2008-11-01 |
WO2002062010A3 (en) | 2003-01-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4828082B2 (en) | | Replacement box for symmetric key cryptography |
Preneel et al. | | On the security of iterated message authentication codes |
Preneel et al. | | MDx-MAC and building fast MACs from hash functions |
Isobe et al. | | Security analysis of the lightweight block ciphers XTEA, LED and Piccolo |
US5745577A (en) | | Symmetric cryptographic system for data encryption |
Saraf et al. | | Text and image encryption decryption using advanced encryption standard |
Dunkelman et al. | | Improved meet-in-the-middle attacks on reduced-round DES |
Preneel et al. | | Recent developments in the design of conventional cryptographic algorithms |
Wu et al. | | JAMBU lightweight authenticated encryption mode and AES-JAMBU |
WO2008064704A1 (en) | | Method and device for preventing information leakage attacks on a device implementing a cryptographic function |
Gruber et al. | | Persistent fault analysis of OCB, DEOXYS and COLM |
US5909494A (en) | | System and method for constructing a cryptographic pseudo random bit generator |
Brown et al. | | Introducing the new LOKI97 block cipher |
Shin et al. | | Differential-linear type attacks on reduced rounds of SHACAL-2 |
KR100848318B1 (en) | | Method and Apparatus for generating user secret key in mobile communication system |
Ankele et al. | | MergeMAC: a MAC for authentication with strict time constraints and limited bandwidth |
EP1356627B1 (en) | | Method and system for the encryption of data |
Golić | | Modes of operation of stream ciphers |
Phan | | Cryptanalysis of full Skipjack block cipher |
Hawkes et al. | | Primitive specification for NLS |
Feng et al. | | Fault analysis on a new block cipher DBlock with at most two fault injections |
Rose et al. | | The t-class of SOBER stream ciphers |
Lu et al. | | The higher-order meet-in-the-middle attack and its application to the Camellia block cipher |
Backendal et al. | | When Messages Are Keys: Is HMAC a Dual-PRF? |
Handschuh et al. | | On the security of double and 2-key triple modes of operation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A2. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A2. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| AK | Designated states | Kind code of ref document: A3. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A3. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| WWE | Wipo information: entry into national phase | Ref document number: 2002702261. Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 10451233. Country of ref document: US |
| WWP | Wipo information: published in national office | Ref document number: 2002702261. Country of ref document: EP |
| REG | Reference to national code | Ref country code: DE. Ref legal event code: 8642 |
| NENP | Non-entry into the national phase | Ref country code: JP |
| WWW | Wipo information: withdrawn in national office | Country of ref document: JP |
| WWG | Wipo information: grant in national office | Ref document number: 2002702261. Country of ref document: EP |